For many high-assurance applications such as TLS traffic, medical databases, and blockchains, forward secrecy is absolutely essential. It is not sufficient to prevent an attacker from immediately decrypting sensitive information. Here the threat model encompasses situations where the adversary may dedicate many years to the decryption of ciphertexts after their collection. One potential way forward…

RT @el33th4xor: Lattices everywhere. Which make transactions slightly larger. That's it.
Making crypto work in a post-quantum world poses no insurmountable challenges. In fact, we already have the tech right now, and we are simply avoiding the costs until quantum computers are a real threat. https://t.co/9GYm4AIi9E

I have a close friend working at the foremost QC lab at Yale. He said it takes weeks to get just two qubits and you're lucky if the superposition lasts more than a few microseconds. We're at least 5-10 years out from factoring numbers bigger than 15, much less creating a functional QFT gate and completing Shor's algorithm to factor 4096-bit RSA (which would require hundreds of high-quality qubits to remain in superposition for up to a few seconds).